Hi, I would like to work on this issue. However, I have 2 problems: I am not sure where to start, and I don't have any tests that I can work on. I tried looking up stuff in the "database", but all of them already yanked their vulnerable versions, preventing me from getting them...

Thank you :)

Oh wait, there are no fixed versions for these either.

What is the format of the database's table?
The suggestions by cargo-audit default to the latest version, which is not secure...
AFAIK, there must be a change in the rustsec repo for this to be more robust, i.e. it says that there are no secure versions available!

So a fix command would need to walk that dependency graph from a vulnerable dependency to its edges, then map the edges to crates in the local workspace, and then find the relevant dependency in the local crate's [dependencies] in Cargo.toml.
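
The graph walk described in the last comment, as an added sketch that is not code from cargo-audit or from anyone in this thread: it inverts the dependency edges, walks up from the vulnerable package, and reports which `[dependencies]` entry in which workspace member pulls it in. The graph, the crate names and `fix_targets` are constructed for illustration, and package names are assumed unique (a real resolve graph keys on name plus version).

```rust
use std::collections::{BTreeSet, HashMap, HashSet, VecDeque};

/// Forward graph: package name -> direct dependencies (names assumed unique).
type Graph<'a> = HashMap<&'a str, Vec<&'a str>>;

/// Returns (workspace member, direct dependency) pairs: the `[dependencies]`
/// entries in local manifests whose subtree pulls in `vulnerable`.
fn fix_targets<'a>(graph: &Graph<'a>, workspace: &[&'a str], vulnerable: &'a str) -> BTreeSet<(String, String)> {
    // Invert the edges so the walk can go from a package to its dependents.
    let mut dependents: HashMap<&str, Vec<&str>> = HashMap::new();
    for (pkg, deps) in graph {
        for dep in deps { dependents.entry(*dep).or_default().push(*pkg); }
    }
    // Breadth-first walk upwards from the vulnerable package.
    let mut affected: HashSet<&str> = HashSet::from([vulnerable]);
    let mut queue = VecDeque::from([vulnerable]);
    while let Some(pkg) = queue.pop_front() {
        for parent in dependents.get(pkg).into_iter().flatten() {
            if affected.insert(*parent) { queue.push_back(*parent); }
        }
    }
    // Map the affected set back onto each member's direct dependencies.
    // A dependency on another member is skipped: it is fixed in that member.
    let mut targets = BTreeSet::new();
    for member in workspace {
        for dep in graph.get(member).into_iter().flatten() {
            if affected.contains(dep) && !workspace.contains(dep) {
                targets.insert((member.to_string(), dep.to_string()));
            }
        }
    }
    targets
}

/// Constructed sample: `app` and `cli` are workspace members, the rest are
/// hypothetical registry crates; `vuln-parser` stands for the advisory's crate.
fn sample_graph() -> Graph<'static> {
    HashMap::from([
        ("app", vec!["http-client", "logger"]),
        ("cli", vec!["app", "vuln-parser"]),
        ("http-client", vec!["tls-lib"]),
        ("tls-lib", vec!["vuln-parser"]),
        ("logger", vec![]), ("vuln-parser", vec![]),
    ])
}

fn main() {
    for (member, dep) in fix_targets(&sample_graph(), &["app", "cli"], "vuln-parser") {
        println!("{member}/Cargo.toml: [dependencies] {dep}");
    }
}
```

For a transitive hit such as `app` -> `http-client` -> `tls-lib` -> `vuln-parser`, the entry to change is `http-client`, which only helps if a release of it resolves to a patched version of the vulnerable crate.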